Package: wireshark Severity: grave Tags: security Hi, from: http://www.wireshark.org/security/wnpa-sec-2007-03.html
Wireshark 0.99.7 fixes the following vulnerabilities: Wireshark could crash when reading an MP3 file. Versions affected: 0.99.6 Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Versions affected: 0.10.12 to 0.99.6 Stefan Esser discovered a buffer overflow in the SSL dissector. Versions affected: 0.99.0 to 0.99.6 The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms. (Bug 1844) Versions affected: 0.99.5 to 0.99.6 The Firebird/Interbase dissector could go into an infinite loop or crash. (Bugs 1931 and 1932) Versions affected: 0.99.6 The NCP dissector could cause a crash. Versions affected: 0.99.6 The HTTP dissector could crash on some systems while decoding chunked messages. Versions affected: 0.10.14 to 0.99.6 The MEGACO dissector could enter a large loop and consume system resources. Versions affected: 0.9.14 to 0.99.6 The DCP ETSI dissector could enter a large loop and consume system resources. Versions affected: 0.99.6 Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser. (Bug 1926) Versions affected: 0.99.0 to 0.99.6 The PPP dissector could overflow a buffer. Versions affected: 0.99.6 The Bluetooth SDP dissector could go into an infinite loop. Versions affected: 0.99.2 to 0.99.6 A malformed RPC Portmap packet could cause a crash. (Bug 1998) Versions affected: 0.8.16 to 0.99.6 CVE ids for this are pending, I will add them to this bug report if I got them. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpCG4aDcNIsS.pgp
Description: PGP signature
